WIP: feat: github action + typescript

.eslintrc.json

@@ -0,0 +1,14 @@
+{
+  "env": {
+    "browser": true,
+    "es2021": true
+  },
+  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": "latest",
+    "sourceType": "module"
+  },
+  "plugins": ["@typescript-eslint"],
+  "rules": {}
+}

.github/dependabot.yml

@@ -5,18 +5,8 @@ updates:
   schedule:
     interval: daily
   open-pull-requests-limit: 10
-  ignore:
-  - dependency-name: mocha
-    versions:
-    - 8.2.1
-    - 8.3.0
-    - 8.3.1
-  - dependency-name: ejs
-    versions:
-    - 3.1.5
-  - dependency-name: lodash
-    versions:
-    - 4.17.20
-  - dependency-name: minimist
-    versions:
-    - 1.2.5
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10

.github/workflows/pipeline.yml

@@ -0,0 +1,14 @@
+name: Pipeline
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v2
+      with:
+        node-version: '17'
+        cache: 'npm'
+    - run: npm install
+    - run: npm test
+    - run: npm run build

.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: Publish
+on:
+  release:
+    types: [created]
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Download artifact
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          workflow: pipeline.yml
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '17'
+          cache: 'npm'
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.gitignore

@@ -1,2 +1,146 @@
-node_modules/
 sonar-report.html
+
+# Created by https://www.toptal.com/developers/gitignore/api/node
+# Edit at https://www.toptal.com/developers/gitignore?templates=node
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+### Node Patch ###
+# Serverless Webpack directories
+.webpack/
+
+# Optional stylelint cache
+
+# SvelteKit build / generate output
+.svelte-kit
+
+# End of https://www.toptal.com/developers/gitignore/api/node

.husky/.gitignore

@@ -0,0 +1 @@
+_

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx lint-staged

README.md

@@ -19,18 +19,21 @@ $ npm install -g sonar-report
 
 ## Use
 - See all options with:
-```
+
+```bash
 $ sonar-report --help
 SYNOPSIS
     sonar-report [OPTION]...
 ```
+
 - Environment: 
   - http_proxy : the proxy to use to reach the sonarqube instance (`http://<host>:<port>`)
   - NODE_EXTRA_CA_CERTS
     - the custom certificate authority to trust (troubleshoots `Unable to verify the first certificate`) 
     - the variable holds a file name that contains the certificate in pem format (root CA or full trust chain)
 
 - Example:
+
 ```bash
 # Generate report example
 sonar-report \
@@ -41,14 +44,16 @@ sonar-report \
   --release="1.0.0" \
   --branch="feature/branch" \
   --sinceleakperiod="false" \
-  --allbugs="false" > /tmp/sonar-report_sonar-report.html
+  --allbugs="false"
+  --reportFile=/tmp/sonar-report_sonar-report.html
 
 
 # Open in browser
 xdg-open /tmp/sonar-report_sonar-report.html
 ```
 
 ## Some parameters explained
+
 ### sinceleakperiod
 
 The `sinceleakperiod` parameter activates delta analysis. If `true`, sonar-report will only get the vulnerabilities that were added since a fixed date/version or for a number of days. For this it will:
@@ -64,10 +69,12 @@ More info:
 - In sonarQube, /settings : see leak period
 
 ### allbugs
+
 - "false": only vulnerabilities are exported
 - "true": all bugs are exported
 
 ### fixMissingRule
+
 On some versions of sonar (found on 6.5), the `type` of issue and the `type` of the rule don't match (for example `VULNERABILITY` vs `CODE_SMELL` ). 
 
 In this case, when `allbugs=false`, it's possible that the issue is extracted but not it's rule. What will happen is that the issue has `/` in the description (because the description is the name of the rule).
@@ -77,6 +84,7 @@ To circumvent this issue, the fixMissingRule will extract all rules without any
 Beware that, with this parameter activated, all the issues linked to the rules displayed may not be displayed. 
 
 ### noSecurityHotspot
+
 Sonar-report will try to find how your sonarqube instance is working with hotspots depending on the running version. However in last resort, you can use the `--noSecurityHotspot="true"` flag in order to deactivate the hotspots processing. 
 
 **Note that you may miss out on some vulnerabilities when using this option if your sonarqube instance does support hotspots.**
@@ -121,7 +129,7 @@ Get the dependencies:
 npm install
 ```
 
-Run with the same command as [Use](#use) but use `node index.js` instead of `sonar-report`
+Run with the same command as [Use](#use) but use `npm run build && npm run start` instead of `sonar-report`
 
 ## Troubleshooting